def test_group_permissions_from_workspace(self):
"""
Johndoe is member in Workspace A,
Workspace A is member in Workspace B
=> Johndoe can access Workspace B
"""
self.login('johndoe')
# johndoe cannot access workspace-b
with self.assertRaises(Unauthorized):
self.traverse_to_item(self.workspace_b)
self.logout()
self.login_as_portal_owner()
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin']))
self.logout()
# johndoe can now access workspace-b
self.login('johndoe')
self.traverse_to_item(self.workspace_b)
self.logout()
# but janeschmo still cannot
self.login('janeschmo')
with self.assertRaises(Unauthorized):
self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
fsd = self.getPopulatedDirectory()
wf = getToolByName(fsd,'portal_workflow')
#adapt to IGroup
g = IGroup(fsd)
#group title is the content object title
fsd.setTitle("My FSD")
self.failUnless(g.Title()=="My FSD")
#roles are set on the object, but only available when object is published
fsd.setRoles(('Reviewer',))
# at first, object is 'visible', but not published, roles should be empty
self.failIf('Reviewer' in g.getRoles(),"roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
#publish object
wf.doActionFor(fsd,'publish')
# now check again, role should be there
self.failUnless('Reviewer' in g.getRoles(),"Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(g.getGroupId()==fsd.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId()))
#members are obtained correctly
self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person")
self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons")
self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage")
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456','ghi789'],"incorrect member list: %s" % members)
def getGroupsForPrincipal(self, principal, request=None):
person = self.context
groups = {}
for held_position in person.get_held_positions():
group = IGroup(held_position.position.to_object)
group_id = group.getGroupId()
groups[group_id] = 1
return tuple(groups.keys())
def getGroupsForPrincipal(self, principal, request=None):
groups = {}
for relationship in self.context.getGroupRelationships():
groups.update(dict.fromkeys([g.getUserId() for g in
self.context.getBRefs(relationship)]))
for parent in aq_chain(aq_inner(self.context)):
group = IGroup(parent, None)
if group is not None:
groups[group.getGroupId()] = 1
return tuple(groups.keys())
def test_group_permissions_from_workspace_recursive_transitive(self):
"""
Johndoe is member in Workspace A,
Janeschmo is member in Workspace B,
Workspace A is member in Workspace B,
Workspace B is member in Workspace C,
Workspace C is member in Workspace A:
=> Johndoe can access all workspaces
=> Janeschmo can access all workspaces
"""
self.login_as_portal_owner()
# john is already in A
# Add Jane to B.
self.add_user_to_workspace(
'janeschmo',
self.workspace_b,
)
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
# the group workspace-b gets added as member to workspace-c
self.add_user_to_workspace(
'workspace-b',
self.workspace_c,
)
# make c private instead of secret, so it can be added
api.content.transition(self.workspace_c, 'make_private')
# the group workspace-c gets added as member to workspace-a
self.add_user_to_workspace(
'workspace-c',
self.workspace_a,
)
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-c', 'admin', 'johndoe']),
"Workspace A membership incorrect")
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin', 'janeschmo']),
"Workspace B membership incorrect")
obj = IGroup(self.workspace_c)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-b', 'admin']),
"Workspace C membership incorrect")
self.logout()
# johndoe can now access all 3 workspaces
self.login('johndoe')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.traverse_to_item(self.workspace_c)
self.logout()
# janeschmo can also access all 3 workspaces
self.login('janeschmo')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.traverse_to_item(self.workspace_c)
def getGroupsForPrincipal(self, principal, request=None):
groups = {}
# Get all BRefs that implement IGroup - slightly expensive
for obj in self.context.getBRefs():
group = IGroup(obj, None)
if group is not None:
groups[group.getGroupId()] = 1
for parent in aq_chain(aq_inner(self.context)):
group = IGroup(parent, None)
if group is not None:
groups[group.getGroupId()] = 1
return tuple(groups.keys())
def test_workgroup_security(self):
''' Check if that a workgroup assigned to a workspace allows his
members to see the workspace
'''
group = IGroup(self.workspace)
self.assertSetEqual(
set(group.getGroupMembers()),
{'test_user_1_', 'Test workgroup'},
)
self.assertTrue(
api.user.has_permission('View',
user=self.userprofile,
obj=self.workspace))
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
fsd = self.getPopulatedDirectory()
wf = getToolByName(fsd, 'portal_workflow')
#adapt to IGroup
g = IGroup(fsd)
#group title is the content object title
fsd.setTitle("My FSD")
self.failUnless(g.Title() == "My FSD")
#roles are set on the object, but only available when object is published
fsd.setRoles(('Reviewer', ))
# at first, object is 'visible', but not published, roles should be empty
self.failIf(
'Reviewer' in g.getRoles(),
"roles are active, but content unpublished\nRoles: %s\nReviewState: %s"
% (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))
#publish object
wf.doActionFor(fsd, 'publish')
# now check again, role should be there
self.failUnless(
'Reviewer' in g.getRoles(),
"Roles not active, but content published\nRoles: %s\nReviewState: %s"
% (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(
g.getGroupId() == fsd.getId(),
"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
% (fsd.getId(), g.getGroupId()))
#members are obtained correctly
self.person1 = self.getPerson(id='abc123',
firstName="Test",
lastName="Person")
self.person2 = self.getPerson(id='def456',
firstName="Testy",
lastName="Persons")
self.person3 = self.getPerson(id='ghi789',
firstName="Tester",
lastName="Personage")
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456', 'ghi789'],
"incorrect member list: %s" % members)
def getGroupsForPrincipal(self, principal, request=None):
person = self.context
groups = {}
for held_position in person.get_held_positions():
position = held_position.position
if position:
obj = position.to_object
if obj:
assignable = DexterityBehaviorAssignable(obj)
if assignable.supports(IMembraneGroup):
group = IGroup(obj)
group_id = group.getGroupId()
groups[group_id] = 1
return tuple(groups.keys())
def getRolesForPrincipal(self, principal, request=None):
roles = dict.fromkeys(IUserRoles(self.context).getRoles())
getGroups = getattr(principal, 'getGroups', lambda: tuple())
group_ids = getGroups()
if group_ids:
mbtool = getToolByName(self.context, TOOLNAME)
uSR = mbtool.unrestrictedSearchResults
groups = uSR(exact_getGroupId=group_ids,
object_implements=IGroup.__identifier__)
for g in groups:
group = IGroup(g._unrestrictedGetObject())
roles.update(dict.fromkeys(group.getRoles()))
return roles.keys()
def setSharing(ob, event):
if not hasattr(ob, 'getProject'):
return
project = ob.getProject()
# 设置初始的项目组角色
ob.manage_setLocalRoles(IGroup(project.teams.projectseniors).getGroupId(), ['Editor', 'Contributor'])
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the Classification content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
wf = getToolByName(self.classification, 'portal_workflow')
#adapt to IGroup
g = IGroup(self.classification)
#group title is the content object title
self.classification.setTitle('New Title')
self.failUnless(
g.Title() == 'New Title',
"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s"
% (self.classification.Title(), g.Title()))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(
g.getGroupId() == self.classification.getId(),
"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
% (self.classification.getId(), g.getGroupId()))
#members are obtained correctly, regardless of how the classification was added
#added from person object
self.person.setClassifications((self.classification, ))
self.person2.setClassifications((self.classification, ))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456'],
"incorrect member list: %s" % members)
#clear the list
self.classification.setPeople(())
self.failIf(
self.classification.getPeople(),
"there are still people listed in this classification: %s" %
self.classification.getPeople())
#added from classification object
self.classification.setPeople((self.person, self.person2))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456'],
"incorrect member list: %s" % members)
#deactivate group and verify emptiness
wf.doActionFor(self.classification, 'deactivate')
members = list(g.getGroupMembers())
members.sort()
self.failUnless(
members == [],
"deactivated group has non-empty member list: %s" % members)
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the Classification content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
wf = getToolByName(self.committee,'portal_workflow')
#adapt to IGroup
g = IGroup(self.committee)
#group title is the content object title
self.committee.setTitle('New Title')
self.failUnless(g.Title()=='New Title',"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.committee.Title(),g.Title()))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(g.getGroupId()==self.committee.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.committee.getId(), g.getGroupId()))
#members are obtained correctly, regardless of how the classification was added
#added from person object
self.person.setCommittees((self.committee,))
self.person2.setCommittees((self.committee,))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456'],
"incorrect member list: %s" % members)
#clear the list
self.committee.setMembers(());
self.failIf(self.committee.getMembers(),
"there are still people listed in this committee: %s" % self.committee.getMembers())
#added from classification object
self.committee.setMembers((self.person,self.person2))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456'],
"incorrect member list: %s" % members)
#deactivate group and verify emptiness
wf.doActionFor(self.committee,'deactivate')
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == [],"deactivated group has non-empty member list: %s" % members)
def getTeamsOrUsers(self):
teams = self.context.aq_inner.contentValues({'portal_type': ['Team']})
teamsids = [team.getId() for team in teams]
ksscore = self.getCommandSet('core')
selector = ksscore.getSelector('samenode', '')
content = "<select class=\"selectarea\" style=\"display: inline;\">"
content += "<option value=\"please select a option\">分配权限给...</option>"
content += "<optgroup label='项目组'>"
for team in teams:
if team.getId() != 'projectmanagers':
content += "<option value=\"" + IGroup(team).getGroupId() + \
"\">" + team.pretty_title_or_id() + \
"</option>"
content += "</optgroup>"
project = self.context.getProject()
adapter = IOrganizedEmployess(project.teams)
cp = adapter.get_all_companies_and_people()
for k in cp.keys():
count = 0
for i in cp[k]:
if count == 0:
content += "<optgroup label='" + i.pretty_title_or_id() \
+"'>"
count += 1
else:
content += "<option value=\"" + i.getId() + \
"\">" + i.pretty_title_or_id() + \
"</option>"
count += 1
content += "</optgroup>"
content += "</select>"
content = force_unicode(content, 'utf-8')
ksscore.insertHTMLAfter(selector, content)
selectarea = ksscore.getSelector('css', '.selectarea')
ksscore.focus(selectarea)
def test_group_permissions_from_workspace_recursive(self):
"""
Johndoe is member in Workspace A,
Janeschmo is member in Workspace B,
Workspace A is member in Workspace B,
Workspace B is member in Workspace A:
=> Johndoe can access both workspaces
=> Janeschmo can access both workspaces
"""
self.login_as_portal_owner()
# john is already in A
# Add Jane to B.
self.add_user_to_workspace(
'janeschmo',
self.workspace_b,
)
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
# the group workspace-b gets added as member to workspace-a
self.add_user_to_workspace(
'workspace-b',
self.workspace_a,
)
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-b', 'admin', 'johndoe']),
"Workspace A membership incorrect")
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin', 'janeschmo']),
"Workspace B membership incorrect")
self.logout()
# johndoe can now access workspace-a and workspace-b
self.login('johndoe')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.logout()
# janeschmo can also access both workspaces
self.login('janeschmo')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
def test_basic_group_membership(self):
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()), set(['johndoe', 'admin']))
def test_group_title(self):
obj = IGroup(self.workspace_a)
self.assertEqual(obj.getGroupName(), self.workspace_a.Title())
def test_group_interface_provided(self):
self.assertTrue(IGroup(self.workspace_a, None) is not None)
def getGroups(self):
teams = self.context.aq_inner.contentValues()
return [IGroup(team).getGroupId() for team in teams]
